Leading organizations worldwide count on NetApp for software, systems and services to manage and store their data. Customers value our teamwork, expertise and passion for helping them succeed now and into the future. Visit us at www.netapp.com.

Forbes BrandVoice™ allows marketers to
connect directly with the Forbes audience by enabling them to create
content – and participate in the conversation – on the Forbes digital publishing
platform. Each BrandVoice™ is produced
by the marketer.
More on BrandVoice™ here
, or email us directly at
brandvoice@forbes.com.

BYOD: A Question Of Lust (And Trust)

Massive shifts in the business world rarely spring from grand designs. Corporate change is often driven by the need to make cost savings, meet targets, and justify bonuses.

The Bring Your Own Device trend is no exception…

Driving the trend forward are several other factors. One is the consumerization of IT, which means that staff now carry devices that far outstrip those supplied by centrally controlled, corporate buyers.

Another factor is increased mobility, coupled with a shift in regular working hours. Employees are being asked to work at any time, from any place—so it’s imperative that companies find ways to maintain job satisfaction and loyalty.

And that’s where BYOD comes in: Companies discover they’re no longer responsible for the purchase, upkeep and maintenance of expensive devices; employees are happier, more productive and show greater flexibility.

And Why Not? People prefer to use a single device that they’ve chosen, and not need to juggle two different devices. As is illustrated by survey after survey, such as this, from TNS Global for Dell and Intel. Adriana Karaboutis, Dell’s CIO, commented:

“With today’s increasingly tech-savvy workforce and outcome-driven employees, companies have everything to gain from fully embracing the IT consumerization and mobility trend that is redefining the workplace. … [BYOD is] one of the single most important steps in motivating business productivity.”

So costs fall and employees are happy. What’s not to like?

Yet all is not rosy in the BYOD world. The reason for dissent? That old corporate chestnut: security.

Imagine The Scene: A plethora of devices, all of them private, each with its own configuration, accessing a corporate network with potentially sensitive data.

Without controls, you get a massive security nightmare.

One solution to the problem is for IT departments to do what they know best: Use management tools to block dangerous apps, control users’ network access levels, and remotely erase information from lost or stolen devices. In other words, manage access on employee-owned devices in the same way they manage corporate IT assets.

However, this only skirts the issue: It’s a far from satisfactory solution. For a start, excessive control can undermine the usefulness of employee-owned devices, decreasing satisfaction and productivity. As Ojas Rege, vice president of strategy for MobileIron, which helps companies manage mobile security, told Businessweek:

“You can’t have Twitter, you can’t have Facebook. You may be able to live with that on a corporate device, but with a personal device, that doesn’t cut it.”

Down The Chute And Back To Square One? Security holes and data leaks can also occur in traditional ways: Employees can talk loudly in public, they can photograph sensitive data, or just lose it in an airline seat pocket.

So the answer to security lies in another direction altogether. It’s one that truly showcases the disruptive power of BYOD in the workplace:

Trust!

BYOD policies need to be transparent. Having parts hidden from employees can cause policies to backfire. Such openness requires a rethinking of corporate communications, away from its traditional need-to-know assumption.

The trust that this change requires will in turn fuel the productivity increases that enterprises are hoping to get from BYOD.

Such a radical shift in the employer/employee dynamic is far from the only change being forced by the BYOD trend.

In the past, the desktop setup and data storage facilities at work were totally different to those that employees used in their personal lives. This made it possible to have totally separate digital lives at work and in their leisure time.

“Get used to it. The reason BYOD is here to stay is psychological. It’s less about technology and more about culture—or even anthropology. … BYOD devices aren’t categorizable as tools, but instead are part of the employee. … It can’t be ignored or wished away.”

The Bottom LineThe smarter, mobile, integrated workforce of the future is being shaped right now.

In the process, those workers are reshaping the companies they work for and the digital landscape we inhabit.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

Are you as a IT Manager, CIO or head of corporate Security going to let people run around with company secrets on their personal devices? No matter much you secure them in the office, people do silly things with their devices outside. Securing company secrets is hard at the best of times but adding an additional layer of risk, can the cost ad risk be justified?

But we should take care not to overstate the risks. As David rightly says: “Security holes and data leaks can also occur in traditional ways: Employees can talk loudly in public, they can photograph sensitive data, or just lose it in an airline seat pocket.”

zarniwoop that is an excellent question and one where I would love to have a glib answer to. I don’t. At corporate level I remember being sat at meetings where we discussed, in all seriousness, how risky it was to give employees access to email and the possibility of sensitive corporate data leaving the building in one click. The discussion has not moved much further forward I am afraid, we just substitute the latest tech innovation for ‘email’ and we are still sitting round the table talking about corporate security as if it is the province of one person, or one department even.

The real change that needs to take place is the awareness that security is linked to behaviour and trust. The first one needs to be modified across the board the second needs to be fostered corporation-wide. None of these two are easy to achieve in the conventional sense of the word.

The companies I see directly are struggling with both but in the meantime they do the easy thing and approach it exactly the same way you do. It is a real challenge.

You’re quite right Richi but generally items like corporate laptops (at least where I work) are used for work purposes and Group Policy screws them down so that even if they are used outside of a company, you still have to pass through corporate IT. Personal devices will always be primarily personal devices with all the hazards this brings and corporate BYOD’s second. Additionally, BYOD’s like the iPad’s for example are notoriously difficult to lock down, a friend of mine is rolling out iPad’s where he works as corporate devices and is pulling his hair out trying to secure ad lock them down. Perhaps this will change with Microsoft’s Surface or other Windows 8 devices, who knows.

The long and the short of it is a home device should be a home device and a corporate or government device remain so. Adding BYOD’s WILL introduce a whole load of security issues that, in this day and age where corporate espionage is big business, will undoubtedly bring huge costs and security headaches and probably end up costing more than traditional purchasing of IT equipment.

Perhaps the best way to think of these devices, zarniwoop, whether smartphones, tablets or laptop computers, is as a portal into the corporate network. If your IT staff is at all competent, they can structure your corporate network so that all of your company’s data resides entirely on company servers accessible over the internet. Thus no data resides on any client device, reducing the technical aspect of security to authentication and transmission.

If no data is resident on the device and the credentials needed to create a VPN connection is not stored on the device, a lost or stolen computer will not divulge corporate secrets.

Of course this doesn’t address the broader, human all too human, dimension of security: all the technology in the world won’t protect your data if your employees are untrustworthy or gullible.

Whilst email etc. was a concern when in it’s infancy, I don’t thin it’s in the same boat as brining your tablet to work, working with sensitive or classified company or government secrets and then going home to allow little Johnny to take over it and to pop round to his Chinese friend and play with it. As I said in another reply, corporate espionage is very big business.

As you’ve quite correctly pointed out, even corporate or government portable equipment does get left on the train etc. but those machines are (well at least where I work) heavily secured and encrypted so extracting information with be more challenging, but yes it does happen.

There’s also the added issue of health and safety and the annual PAT testing of all electrical devices (here in UK at least) plus insurance and a whole host of other, as yet, undiscovered issues to resolve.

Thank you for the additional granularity. I know it’s very hard to draw broad stroke pictures and then claim total accuracy. We are heading towards the day when most industries will have a totally mobile work force because it makes bottom line sense which means it provides a company with a competitive advantage. It may well not be for everyone (I have come across PR departments that still use faxes!) and it will be a massive challenge. My guess is that quite a lot will change as a result: responsibility, culture of trust, security measures, accessibility and even liability.

In the UK, at least, Health & Safety checks (which add to the hidden expense of doing business) will feature in the decision-making process. As always with such things the move will become inevitable when it makes more bottom-line sense to go with it than not to. Until that moment comes what will sway decisions will be the ‘vision thing’ that a business has to guide it plus its willingness to lead in the internal changes in management and communication that must happen alongside the adoption of a total BYOD policy.

I must thank you for your comments here. They added a great deal of granularity which would have been impossible to cover in the article without losing focus.

The article suggests that ‘one solution to the problem [of security] is for IT departments to do what they know best: use management tools to block dangerous apps, control users’ network access levels, and remotely erase information from lost or stolen devices.’ This of course requires the IT departments to invest time and money into the additional devices, which could be an issue for businesses. That said, it is likely an imperative step if companies want to ensure their IT/data security is not compromised.

The notion of ‘trust’ being just as important is interesting. With so many new devices and potential threats being introduced via BYOD, a business’ first instinct could be to immediately restrict access to the networks and block certain applications. We recently conducted a study with Easynet (KillerApps 2012) which showed that 67 per cent of European CIOs and IT Directors block Facebook. 60 per cent block YouTube, 49 per cent block Twitter, and 56 per cent block all online video.

Yet restricting employees’ social media habits so heavily could undermine the purpose of bringing in a personal device altogether, and could dent morale amongst workers.

BYOD is a popular trend which looks set to stay, but the balance between business security and employee freedom is clearly a fine one. I’d like to hear others’ views on where this line sits.

OK, lets imagine the “device” in question is $1000, that’s maybe a weeks salary AT most for many mid to high level staff, so the cost saving is pretty hard to justify against the time that IT staff would have to invest in ensuring every member of staff has their device appropriately virus checked, password controlled etc, not to mention the problems of protecting corporate data and security.

BYOD is bogus. It’s an excuse for people to try and bring their personal toys to work, or get free support out of the IT guys to fix their problematic laptop computer that their teenagers wrecked with viruses.

What is the incentive to help your employer out? So they can off-shore you after you put years of 80 hour weeks with no raise or bonus? Oh, maybe they will give you an extra week of vacation that you can’t take because you will be so far behind it is not worth it. Employers are pimps with no soul. If it doesn’t help them out they aren’t interested. They limit access to apps on a device you purchased, seems legit. When they can your sorry but can you go in and get the restrictions removed. Seems legit